#!/bin/bash
## kola:
##   description: Verify that rootless pasta networking passt works.
##   # This test downloads containers and curls from the net.
##   tags: "platform-independent needs-internet"
##   # This test doesn't make meaningful changes to the system and
##   # should be able to be combined with other tests.
##   exclusive: false
##   # This test reaches out to the internet and it could take more
##   # time to pull down the container.
##   timeoutMin: 3

# See https://github.com/coreos/fedora-coreos-tracker/issues/1436

set -xeuo pipefail

# shellcheck disable=SC1091
. "$KOLA_EXT_DATA/commonlib.sh"

runascoreuserscript='#!/bin/bash
set -euxo pipefail
# Just a basic test that uses pasta network and sets the gateway
podman run -i --net=pasta:--mtu,1500 quay.io/fedora/fedora:39 bash <<"EOF"
set -euxo pipefail
# Verify the mtu got set to 1500. No /sbin/ip so just use /sys/class/net/<nic>/mtu
cat /sys/class/net/e*/mtu | grep 1500
# Download something from the internet. Here we use one of the test
# fixtures from the ignition.resource.remote test.
result=$(curl https://ignition-test-fixtures.s3.amazonaws.com/resources/anonymous)
[ "$result" == "kola-anonymous" ] || exit 1
EOF
'

runascoreuser() {
    # NOTE: If we don't use `| cat` the output won't get copied
    # to our unit and won't show up in the `systemctl status` output
    # of the ext test.
    sudo -u core "$@" | cat
}

main() {

    # Execute script as the core user to exercise rootless podman
    runascoreuserscriptpath=$(mktemp --suffix=runascoreuser)
    echo "$runascoreuserscript" > $runascoreuserscriptpath
    chmod +x $runascoreuserscriptpath
    chown core $runascoreuserscriptpath
    if runascoreuser $runascoreuserscriptpath; then
        ok "Podman with pasta networking succeeded!"
    else
        fatal "Podman with pasta networking failed"
    fi
}

main
